Multi-tiered authentication schemes are well known, for example in Internet banking. Taking the example of Internet banking, to start a session a user will often need to log in, and the login process may involve at least one authentication tier, e.g. providing a username and password. The user can then be allowed to view his bank account. If the user then wishes to carry out a banking transaction, the system will typically apply another authentication tier so that the confidence score required in respect of the user's purported identity is raised. Because the required authentication score is stepped up, such schemes are termed step-up authentication schemes. If the user then wishes to change his personal details, e.g. his registered physical address or email address, then a very high authentication score may be required, i.e. another step up in the authentication process.
As well as the concept of multiple tiers of authentication, there is also the concept of multiple methods of authentication, which may be broken down into categories. Known categories include:
username/password authentication (which is an example of a knowledge-based test): this is a ubiquitous basic test where policies may be enforced to require regular changes of the password, and minimum requirements on the password's length and variety of characters.
biometric: for example voice recognition, retina scan, fingerprint scan, face recognition.
challenge tests (which are another example of a knowledge-based test): here the user has to undergo testing in relation to pre-registered information or digital content. One type of challenge test uses challenge questions, such as the name of a first pet or the make of a first car, which would be difficult to steal by identity theft methods. Another example of a challenge test is picture recognition, which might involve pre-registering pictures of friends which are then presented in a gallery containing pictures of random unknown people, with the authentication task being to select the friends. Another example of a picture recognition test is a requirement to click on multiple particular points on a single pre-registered picture, where these points are pre-registered with the picture.
code generation (which is an example of a possession-based test): a user may have a device for generating codes, each referred to as a transaction number (TAN). One example is photo-TAN as described in EP1959374A1. With photo-TAN, the authentication requires the user to have physical possession of his registered mobile device loaded with an application that uses the camera to view the display of the personal computer on which the session is taking place, so the camera can take an image of a barcode or the like being displayed on the screen by the banking (or other) application software. Another example is TAN using a dedicated TAN generation device. With a TAN generation device, the user's physical possession of the TAN generation device is required, and in some cases also the bank card, which needs to be inserted into the device.
location: a user may have his location checked, or more probably the location of the device with which he is logged on to the service. Location may be checked by any known method such as GPS, mobile phone tower triangulation, and/or wireless LAN signal strength of known wireless LANs, among others. Location may be integrated into a test by comparing current location with pre-registered safe locations, such as proximity to the user's home address, work address, or proximity to a SIM card installed in the user's car or other user-owned GPS-enabled devices, or based on an analysis of previous behavior.
In a multi-tier, step-up authentication scheme, the system will either re-apply the same authentication, but with a higher score being needed, or, more likely, will employ a different type of authentication. For example, one step up after login with username and password might be to invoke a TAN process or a biometric test.
US2014/0208419A1 discloses a multi-tiered authentication method which dynamically monitors the risk profile of a user during a session. An authentication level for each available service is set dynamically during the session based on said monitored risk profile. If the authentication level for a service is higher than the current authentication level for the user, a further authentication request is sent to the user with the aim of increasing the authentication level to that required to access the requested service.
US2015/0229625A1 discloses an authentication method based on discrete levels of authentication being needed to perform different groups of banking functions. The proposed authentication method also includes circumstantial data in the scoring. The circumstantial data is described as being location-based; either the user's current location in relation to recent previous locations or known historical behavior, or the user's location in relation to close family members or friends. The circumstantial data is also described as being based on behavior pattern analysis of current behavior compared against previous behavior in terms of use of the device with which the user is conducting the current session with the banking or other application.
US2014/0172707A1 describes a multi-tiered authentication scheme in which the initial authentication tier is by face recognition and the step-up involves re-running the face recognition, but with a better match being required, i.e. a higher threshold score, and also by applying a second type of authentication. For authentication, the system determines the type of the transaction which the user is requesting to perform, e.g. bank transfer, and from that selects an appropriate rule set, i.e. in this case one for bank transfers, from multiple pre-defined rule sets. Then, from that selected rule set, the system determines relevant factors related to the context in which the transaction is being requested in order to optimize the authentication. It is also described that the threshold score can be varied according to the environmental conditions of the session. For face recognition, it is proposed that if there are low or high ambient light conditions then the threshold should be reduced to ensure the face recognition can still work. For voice recognition, it is proposed that the threshold can be adjusted up or down according to the level of background noise. To avoid these sensitivity adjustments compromising the security of the authentication process, it is proposed that the weight given to different authentication types is also varied during the session. In a noisy environment, the system can give greater weight to a face recognition mode of authentication and a lower weight to a voice recognition mode of authentication. In an environment of low ambient light, the system can give a greater weight to a fingerprint recognition mode of authentication and a lower weight to a face recognition mode of authentication.
In this way, each mode of authentication can still be employed by adjusting sensitivity, but the contribution of each mode to the overall score is adjusted interactively during the session depending on the session conditions to ensure sufficient integrity of the authentication is maintained.
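The weighted, environment-adjusted step-up scoring described above, as an added example that is not part of this document or of any of the cited applications: per-mode match thresholds are relaxed for adverse conditions while the weight those modes contribute to the session score is reduced, and the session score is compared against the level required by the requested service. All mode names, weights, thresholds and service levels are constructed assumptions.

```python
# Constructed illustration of context-adjusted step-up authentication scoring.
# Weights, thresholds and service levels are assumed values for this example.

# Confidence score required before each service may be used (constructed).
SERVICE_LEVELS = {"view_account": 1.0, "bank_transfer": 2.0, "change_details": 3.0}

# Score each authentication mode contributes when it passes, in normal conditions.
BASE_WEIGHTS = {"password": 1.0, "face": 1.0, "voice": 1.0, "fingerprint": 1.0}


def match_threshold(mode: str, noisy: bool, low_light: bool) -> float:
    """Minimum raw match score (0..1) a mode must reach; relaxed so that the
    mode still works in a noisy room (voice) or poor lighting (face)."""
    if mode == "voice" and noisy:
        return 0.6
    if mode == "face" and low_light:
        return 0.6
    return 0.8


def adjusted_weights(noisy: bool, low_light: bool) -> dict:
    """Re-weight modes for the session environment: a mode whose threshold
    was relaxed is trusted less, and an unaffected mode is trusted more."""
    w = dict(BASE_WEIGHTS)
    if noisy:
        w["voice"] *= 0.5
        w["face"] *= 1.25
    if low_light:
        w["face"] *= 0.5
        w["fingerprint"] *= 1.25
    return w


def session_score(results: dict, noisy: bool, low_light: bool) -> float:
    """Sum the adjusted weights of the modes whose raw match score meets the
    environment-adjusted threshold. `results` maps mode -> raw match score."""
    w = adjusted_weights(noisy, low_light)
    return sum(w[m] for m, s in results.items()
               if s >= match_threshold(m, noisy, low_light))


def step_up_needed(service: str, results: dict, noisy: bool, low_light: bool) -> bool:
    """True when the session's current score is below the level the requested
    service demands, i.e. a further authentication tier must be invoked."""
    return session_score(results, noisy, low_light) < SERVICE_LEVELS[service]
```

A face match of 0.7 is rejected in normal light but accepted, at half weight, in low light; the same session then still needs a further tier for a bank transfer until an unaffected mode such as fingerprint is added.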
It is therefore clear that there are advantages in carrying out a multi-tiered user authentication interactively based on the circumstances of the current session, such as the user's current location, the environmental conditions under which the session is taking place, or by comparing the overall circumstances of the current session with historical data for the same user.